Information Commissioner’s Office 


Freedom of Information Act 2000 


Definition document for health bodies in Wales 
(including local health boards and NHS trusts) 


This guidance is written for the use of health bodies in Wales. 

It gives examples of the kinds of information that the ICO expects you 
to provide in order to meet your commitments under the model 
publication scheme. 


The ICO would expect you to make the information in this 
definition document available unless: 


e you do not hold the information; 

e the information is exempt under one of the Freedom of 
Information Act (FOIA) exemptions or Environmental 
Information Regulations (EIR) exceptions, or its release is 
prohibited under another statute (eg UK GDPR); 

e the information is readily and publicly available from a relevant 
website; such information may have been provided either by 
you or on your behalf. You must provide a direct link to that 
information; 

e the information is archived, out of date or otherwise 
inaccessible; or 

e it would be impractical or resource-intensive to prepare the 
material for routine release. 


If the information is held by another public authority, you should 
provide details of where to obtain it. 


The guidance is not meant to give an exhaustive list of everything 
that should be covered by a publication scheme. The legal 
commitment is to the model publication scheme, and you should look 
to provide as much information as possible on a routine basis. 


The ICO recognises that this document covers a range of 
organisations which carry out different functions. However, the 
information they hold will fall under the same headings. 


As a minimum, the ICO expects you to make available information that is 
required by statute or by the Welsh Government. 
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Publishing datasets for re-use 


As a public authority, you must publish under your publication 
scheme any dataset you hold that has been requested, together with 
any updated versions, unless you are satisfied that it is not 
appropriate to do so. So far as reasonably practicable, you must 
publish it in an electronic form that is capable of re-use. 


If the dataset or any part of it is a relevant copyright work and you are 
the only owner, you must make it available for re-use under the terms 
of a specified licence. Datasets in which the Crown owns the copyright 
or the database rights are not relevant copyright works. 


The 2018 section 45 Code of Practice recommends that public 
authorities make datasets available for re-use under the Open 
Government Licence. 


The term “dataset” is defined in section 11(5) of FOIA. The terms 
“relevant copyright work” and “specified licence” are defined in section 
19(8) of FOIA. The ICO has published guidance on Datasets (sections 
11, 19 and 45). This explains what is meant by “not appropriate” and 
“capable of re-use. 


Model publication scheme 


The table below identifies the specific information the ICO expects 
health bodies in Wales to publish under each of the seven classes of 
information set out in the model publication scheme. 


Class 1 - Who we are and what we do 


Organisational information, structures, locations and contacts. 


Information in this class to be current information only 
e How we fit into the NHS structure 


Given the nature of the NHS, provide information that explains how the 
organisation fits into either the local or national NHS structure, or both. 
Provide both an outline as well as detailed information about your role 
and responsibilities. 


e Organisational structure 


Corporate governance information including details of board members and 
other key personnel. Include an explanation of your internal structure, 
how the structure relates to roles and responsibilities and details of any 
committee or partnership. 
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e Gender pay gap reporting 


Read the Government’s guidance on the gender pay gap reporting to find 
out what information you need to publish. Publish this data annually if you 
have a head count of 250 staff or more. 


e Workforce diversity 
Publish details of the composition of your workforce. 


e Lists of and information relating to key organisations 
you work in partnership with 


Provide enough detail to ensure information is sufficient for the purposes 
of identifying the relationship between you and these bodies. 


e Meetings with pharmaceutical companies and other 
medical suppliers 


As a minimum, include the name of the company, the date and, if 
appropriate, the name of the member(s) of staff attending, together with 
a general indication of the category of meeting, for example marketing or 
promotion. The names of staff attending should include any senior 
managers and any medically qualified staff. 


e Senior staff and board members 


Identify and include the responsibilities and biographical details of those 
making strategic and operational decisions about the provision of your 
services. Only publish biographical details that are not work-related in 
line with UK GDPR. 


e Location and contact details for all public-facing 
departments 


If possible, give named contacts in addition to contact phone numbers and 
email addresses. 


Class 2 - What we spend and how we spend it 


Financial information relating to projected and actual income and 
expenditure, procurement, contracts and financial audit. 
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As a minimum, make available financial information for the current and 

previous financial year, unless stated otherwise. Provide this information 
as a whole but also, where appropriate, for directorates or departments 

as cost units. 


e Financial statements, budgets and variance reports 


In conjunction with annual accounts, provide financial information in 
sufficient detail to allow the public to see where you are spending money 
or where you are planning to spend it, and the difference between the 
two. 


Publish financial information at least annually. However, where practical, 
provide half yearly or quarterly financial reports. Include revenue 
budgets and budgets for capital expenditure. 


Provide details of items of expenditure over £30,000, including costs, 
supplier and transaction information (monthly). 


e Financial audit reports 
e Capital programme 
e Scheme of delegation 


Make information available on major plans for capital expenditure 
including any public-private partnership contracts. 


e Senior staff and board members’ allowances and 
expenses 


Provide details of the allowances and expenses that can be incurred or 
claimed. Include the total of the allowances and expenses incurred by or 
paid to individual senior staff and management board members by 
reference to categories. Produce these categories in line with your 
policies, practices and procedures and include travel, subsistence and 
accommodation. 


e Staff pay and grading structures 
You can provide this as part of the organisational structure. As a 
minimum, include the details of senior staff salaries in bands of £5,000. 


For all other posts, identify levels of pay by salary range. 


The ‘pay multiple’ - the ratio between the highest paid salary and the 
median average salary of the whole of your workforce. 


e Funding (including endowment funds and charitable funds) 
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e Procurement and tendering procedures 


Provide details of procedures used for the acquisition of goods and 
services. 


e Details of contracts currently being tendered 


As a minimum, include adverts of contracts currently available for public 
tender. 


e List and value of contracts awarded 
In general, only publish details of contracts and invitations to tender 
worth over £25,000 or provide a link to this information on the Welsh 
Government procurement website. 


Class 3 - What our priorities are and how we are doing 


Strategies and plans, performance indicators, audits, inspections and 
reviews. 


e Annual report 

e Annual business plan, including commissioning 

e Targets, aims and objectives 

e Health and Care Standards framework 

e Strategic direction document (five year plan) 

e Performance against targets, KPI, performance 
management information 

e Quality and safety reports, including reports by regulatory 
bodies (eg Healthcare Inspectorate Wales) 

e Annual quality statement 

e Annual governance statement 

e Equal pay reports 

e Caldicott Principles in Practice (CPiP) report 

e Audit reports 

e Clinical audits 

e Service user surveys 

e Clinical services plan, if applicable 

e Communication and engagement strategy (if any) 

e Data protection impact assessments (in full or summary 
format) or any other impact assessment (eg health and 
safety impact assessment, equality impact assessments etc), 
as appropriate and relevant 

e Wellbeing 
If applicable to you, publish your wellbeing objectives, a statement 

Health Bodies (Wales) 5 
Version 4 


20211029 


about your wellbeing objectives and an annual report on the 
progress made in meeting those objectives, as required under the 
Wellbeing of Future Generations (Wales) Act 2015. 


Class 4 - How we make decisions 


Decision-making processes and records of decisions. 


Make information in this class available for at least the current and 
previous three years. If you can make information available for longer, 
explain this in any guidance you produce. 


e Board papers - agenda, supporting papers and minutes 


Include board minutes, minutes from all high-level meetings where 
decisions are made about the provision of services as well as supporting 
documents and papers discussed in these meetings. Exclude material that 
is properly considered to be exempt from disclosure. 


e Patient and public engagement strategy 


e Public consultations (for example, concerning 
closures or variations of services) 


Provide details of consultation exercises and access to the consultation 
papers, or information about where to obtain the papers. Include the 
results of consultation exercises. 


e Internal communications guidance and criteria used for 
decision-making, ie process systems and key personnel 


Make readily available internal instructions, manuals and guidelines for 
dealing with the business of the authority where access to this information 
would assist public understanding of the way decisions are made. This 
does not include disclosing information that might damage your operation. 
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Class 5 - Our policies and procedures 


Current written protocols, policies and procedures for delivering our 
services and responsibilities. 


e Policies and procedures relating to the conduct of 
business and the provision of services 


Procedures for handling requests for information should be included. 

e Health and safety 

e Pay policy statement 
The statement of your policy and procedures regarding pay, including your 
approach to any performance-related pay and to providing support for 


lower paid staff. 


e Policies and procedures relating to human resources, 
including recruitment and employment policies 


If vacancies are advertised as part of your recruitment policies, make 
readily available details of current vacancies. 


e Equality and diversity policies 
Include procedures and guidelines relating to equality and diversity. 
Include in this class of information, codes of practice, memoranda of 
understanding, information sharing protocols and similar information 
should be included. A number of policies, for example equality and 
diversity, and health and safety, will cover both the provision of services 
and the employment of staff. 

e Welsh language standards 
Include details of how you comply with the requirements of either the 
Welsh Language Act 1993 or the Welsh Language Measure (Wales) 
2011, or both. 

e Standing financial instructions or procedures 


e Standing orders 


e Customer service and complaints policies and 
procedures 
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Provide details about standards for providing services to your customers, 
including complaint procedures. Include procedures covering requests for 
information and operating the publication scheme. 


e Data protection, records management, Caldicott 
Guardian 


Include information security policies, high level file plans, records 
retention, destruction and archive policies, data protection (including 
data sharing and CCTV usage) and patient confidentiality policies. 


e Estate management 
e Charging regimes and policies 


Provide details of any statutory charging regimes. As part of your 
charging policies, include charges made for information you routinely 
publish and clearly state what costs you are recovering together with 
the basis on which you make them and how you calculate them. 


If you charge a fee for licensing the re-use of datasets, state in your 
guide to information how you calculate this and whether you are making 
the charge under the Re-use Fees Regulations or under other legislation. 
You cannot charge a re-use fee if you make the datasets available for re- 
use under the Open Government Licence. 


Class 6 - List and registers 


Publish information contained only in currently maintained lists and 
registers. 


e Any information you are currently legally required to 
hold in publicly available registers 


e List of main contractors or suppliers 

e Asset registers 
You do not have to publish all details from all asset registers. However, 
make available the location of public land and building assets and key 
attribute information that is normally recorded on an asset register, along 
with some other information from capital asset registers. 


e Information asset register or equivalent 


If you have prepared an information asset register for the Re-use of 
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Public Sector Information Regulations 2015, publish its contents. 
e CCTV 


Details of the locations of any overt CCTV surveillance cameras operated 
by you or on your behalf. You should decide on the level of detail which 
is appropriate. This could be by building or more general geographic 
locations eg postcodes or partial postcodes, depending on the security 
issues raised. 


e Any register of interests you keep 


e Register of gifts and hospitality provided to board 
members and senior personnel 


e Disclosure log 
If you produced a disclosure log indicating the information provided in 


response to FOIA and EIR requests, make this readily available. Keep 
disclosure logs as a matter of good practice. 


Class 7 -— The services we offer 


Information about the services we offer, including leaflets, 
guidance and newsletters. 


In general, this class is an extension of the first class of information, 
‘Who we are and what we do’. Under this class, you can detail the 
services you provide. As a starting point, provide a list or lists of the 
services that fall within your responsibility linked to the details of those 
services. 


e Clinical services provided or commissioned 
e Non-clinical services 


e Services for which you are entitled to recovera fee 
together with those fees 


e Patient information leaflets and other booklets and 
newsletters 

e How to make a complaint, the NHS Wales Putting 
Things Right arrangements 


e Advice and guidance 
e Corporate communications and media releases 
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